Changes in c2aff3f: Renamed gre plus ipsec to GRE plus IPsec

howto/GRE-plus-IPsec.md

@@ -0,0 +1,34 @@

+# GRE+IPsec

+

+## Why GRE?

+* [GRE](https://en.wikipedia.org/wiki/GRE) provides universal encapsulation on top of IP.

+* It has a smaller header than UDP.

+* GRE tunnels are processed in-kernel on *nix systems.

+* It's supported by hardware routers.

+

+## Why IPsec?

+* GRE provides no encryption and authentication of it's own.

+* IPsec in implemented in-kernel on FreeBSD and Linux with multithreaded encryption resulting in a lower latency than userspace VPN daemons using tun/tap interfaces.

+

+## Problems with GRE

+* GRE is defined directly on top of IP.

+* Broken NAPT implementations will stop GRE tunnels.

+

+## Problems with IPsec

+* ESP is defined directly on top of IP.

+* NAT support was added as an aftertought to IPsec.

+* IKEv1 is too complex.

+* Racoon has useless error messages.

+

+## Requirements for sane operation

+* Identify your peers by X.509 certificates

+* At least one peer should operate his own (Sub-)CA.

+

+## How to configure a GRE tunnel on FreeBSD

+See [GRE on FreeBSD](gre-on-freebsd).

+

+## How to configure IPsec on FreeBSD

+See [IPsec on FreeBSD](ipsec-on-freebsd).

+

+## How to configure GRE + IPsec on Debian

+See [GRE + IPsec on Debian](gre-plus-ipsec-debian).

\ No newline at end of file

howto/gre-plus-ipsec.md

@@ -1,34 +0,0 @@

-# GRE+IPsec

-

-## Why GRE?

-* [GRE](https://en.wikipedia.org/wiki/GRE) provides universal encapsulation on top of IP.

-* It has a smaller header than UDP.

-* GRE tunnels are processed in-kernel on *nix systems.

-* It's supported by hardware routers.

-

-## Why IPsec?

-* GRE provides no encryption and authentication of it's own.

-* IPsec in implemented in-kernel on FreeBSD and Linux with multithreaded encryption resulting in a lower latency than userspace VPN daemons using tun/tap interfaces.

-

-## Problems with GRE

-* GRE is defined directly on top of IP.

-* Broken NAPT implementations will stop GRE tunnels.

-

-## Problems with IPsec

-* ESP is defined directly on top of IP.

-* NAT support was added as an aftertought to IPsec.

-* IKEv1 is too complex.

-* Racoon has useless error messages.

-

-## Requirements for sane operation

-* Identify your peers by X.509 certificates

-* At least one peer should operate his own (Sub-)CA.

-

-## How to configure a GRE tunnel on FreeBSD

-See [GRE on FreeBSD](gre-on-freebsd).

-

-## How to configure IPsec on FreeBSD

-See [IPsec on FreeBSD](ipsec-on-freebsd).

-

-## How to configure GRE + IPsec on Debian

-See [GRE + IPsec on Debian](gre-plus-ipsec-debian).

\ No newline at end of file

...	...	@@ -0,0 +1,34 @@
	1	+# GRE+IPsec
	2	+
	3	+## Why GRE?
	4	+* [GRE](https://en.wikipedia.org/wiki/GRE) provides universal encapsulation on top of IP.
	5	+* It has a smaller header than UDP.
	6	+* GRE tunnels are processed in-kernel on *nix systems.
	7	+* It's supported by hardware routers.
	8	+
	9	+## Why IPsec?
	10	+* GRE provides no encryption and authentication of it's own.
	11	+* IPsec in implemented in-kernel on FreeBSD and Linux with multithreaded encryption resulting in a lower latency than userspace VPN daemons using tun/tap interfaces.
	12	+
	13	+## Problems with GRE
	14	+* GRE is defined directly on top of IP.
	15	+* Broken NAPT implementations will stop GRE tunnels.
	16	+
	17	+## Problems with IPsec
	18	+* ESP is defined directly on top of IP.
	19	+* NAT support was added as an aftertought to IPsec.
	20	+* IKEv1 is too complex.
	21	+* Racoon has useless error messages.
	22	+
	23	+## Requirements for sane operation
	24	+* Identify your peers by X.509 certificates
	25	+* At least one peer should operate his own (Sub-)CA.
	26	+
	27	+## How to configure a GRE tunnel on FreeBSD
	28	+See [GRE on FreeBSD](gre-on-freebsd).
	29	+
	30	+## How to configure IPsec on FreeBSD
	31	+See [IPsec on FreeBSD](ipsec-on-freebsd).
	32	+
	33	+## How to configure GRE + IPsec on Debian
	34	+See [GRE + IPsec on Debian](gre-plus-ipsec-debian).
...	...	\ No newline at end of file

...	...	@@ -1,34 +0,0 @@
1		-# GRE+IPsec
2		-
3		-## Why GRE?
4		-* [GRE](https://en.wikipedia.org/wiki/GRE) provides universal encapsulation on top of IP.
5		-* It has a smaller header than UDP.
6		-* GRE tunnels are processed in-kernel on *nix systems.
7		-* It's supported by hardware routers.
8		-
9		-## Why IPsec?
10		-* GRE provides no encryption and authentication of it's own.
11		-* IPsec in implemented in-kernel on FreeBSD and Linux with multithreaded encryption resulting in a lower latency than userspace VPN daemons using tun/tap interfaces.
12		-
13		-## Problems with GRE
14		-* GRE is defined directly on top of IP.
15		-* Broken NAPT implementations will stop GRE tunnels.
16		-
17		-## Problems with IPsec
18		-* ESP is defined directly on top of IP.
19		-* NAT support was added as an aftertought to IPsec.
20		-* IKEv1 is too complex.
21		-* Racoon has useless error messages.
22		-
23		-## Requirements for sane operation
24		-* Identify your peers by X.509 certificates
25		-* At least one peer should operate his own (Sub-)CA.
26		-
27		-## How to configure a GRE tunnel on FreeBSD
28		-See [GRE on FreeBSD](gre-on-freebsd).
29		-
30		-## How to configure IPsec on FreeBSD
31		-See [IPsec on FreeBSD](ipsec-on-freebsd).
32		-
33		-## How to configure GRE + IPsec on Debian
34		-See [GRE + IPsec on Debian](gre-plus-ipsec-debian).
...	...	\ No newline at end of file